SOC L2 Lead

Key Responsibilities:

• Oversee the functioning and performance of the SOC Level 2 team, ensuring 24/7 operational readiness.
• Serve as the primary escalation point for complex security incidents and investigations.
• Lead and coordinate incident response activities, including containment, eradication, recovery, and post-incident reviews.
• Guide, mentor, and train SOC analysts; provide regular feedback and performance evaluations.
• Develop and enhance SOC processes, playbooks, and standard operating procedures (SOPs).
• Collaborate with senior leadership, IT, and business units to ensure effective communication and resolution of security incidents.
• Onboard and operationalize new monitoring tools and technologies; ensure proper documentation and knowledge transfer.
• Monitor the health and performance of security tools; manage configuration changes through formal change management processes.
• Perform regular audits and generate compliance reports to support certifications such as

  TISAX

  ,

  ISO 27001

  , and other regulatory requirements.
• Stay current with emerging threats, vulnerabilities, and security technologies.
• Conduct threat modeling, develop detection use cases, and implement them in SIEM and other monitoring platforms.
• Analyze outputs from SIEM, NDR, EDR, and vulnerability management tools; assign and track remediation tasks.
• Lead root cause analysis and lessons learned sessions post-incident to drive continuous improvement.

Required Qualifications:

• Bachelor s degree in computer science, Information Security, or a related field; or equivalent professional experience.
• Minimum 6 years of experience in IT, with at least 4 years in Security Operations.
• Proven experience in:
• SIEM (e.g., Elasticsearch, Qradar)
• NDR (e.g., Darktrace)
• EDR (e.g., McAfee, TrendMicro, SentinelOne)
• DLP (McAfee)
• Vulnerability Management (e.g., Tenable)
• Incident Response and Threat Hunting
• Strong understanding of:
• Network and endpoint security
• Authentication mechanisms
• Operating systems (Windows, Linux)
• Firewalls, databases, middleware
• Familiarity with SOAR platforms (e.g., Swimlane, Tines) and scripting (Python, PowerShell).
• Excellent communication, leadership, and analytical skills.

Certifications:

• Required:

  CISSP, CISM, or CISA

• Preferred:

  ITIL Foundation,

Preferred Skills:

• Experience with cloud security monitoring (AWS, Azure, GCP).
• Knowledge of Privileged Access Management (PAM) solutions.
• Ability to fine-tune TTPs and SOPs for evolving threat landscapes.
• Proficiency in preparing executive-level reports and dashboards.